We have a leak - OSINT Challenge



  • Type your comment> @elearning said:

    Type your comment> @Crafty said:

    I have an email with domain and a ssh password. Now what should I do ?
    Nothing seems to work with the zip file :/

    look at the folder stucture of the zip file and think how can you use information from email and def password.

    Tried so many permutations using the def password and the email found, with different users... still no luck.

    Anyone can send me a nudge on this one ?

  • I've hit a dead-end with the password.zip directory...can someone give me a hint? I feel like I'm missing something on Twitter...

  • I could use a hint, found the thing on twitter, but see absolutely nothing that helps with the zip or progressing further.

  • just unzipped username.zip. I'm stuck on the password to password.zip, need it to view flag.txt... Been looking for clues in Twitter but now i'm stuck. Can anyone nudge me in the right direction? Thank you!

  • Guys, I'm still stuck on usernames.zip; got an e-mail from the tweets but that's all; can someone point me to the right direction? Also, found 3 Twitter Profiles but none of them seems useful.

  • Solved all of the other OSINT challenges, this one is stumping me. I have the intel from twitter, but still cant get into the zip. Can someone send me a nudge please?

  • Im stuck!

    I manage to "unzip" the username.zip without using a password, but I cant fix the password.zip-file. I get a error while trying to unzip, so I cant even enter a password.

    I have gathered multiple bits of information from twitter, but not sure how to use it yet.

    A nudge in the right direction would probably help me greatly! :)

  • Hi Need some nudge in the right direction on unzipping the password.zip file to get the flag.txt file. Have been looking at twitter for hours but wonder what i missed out. Thanks in advance :)

  • @monstr @SleepyKaze how can the information leak through Twitter other than in the text of the message?


  • @SleepyKaze Just pm me if you want, I can try to nudge you in the right direction :) I was stuck at the same place, but the answer was right infront of me the whole time.

    @elearning Media :)

  • @monstr @elearning Thanks again for your help in pointing the correct direction.

  • This was great - know I reached out to a couple of you here, but in the end a short break away was the only thing needed! Seriously, don't over think, everything is there for you. Founding starting the scope small and increasing as needed, worked better than a broad-to-narrow approach. DM for nudges!

  • I extracted the username.zip (with proper password and without CRC-Error) then found the def password (?#?!). Am i just too stupid to type it in or do i have to do something with it? Tried several permutations . . .

  • So I've got the default SSH info, and I found the email address; what am I missing to unzip the username and password.zip?

  • @eleblanc said:

    So I've got the default SSH info, and I found the email address; what am I missing to unzip the username and password.zip?

    I'm at a dead end at the same place :/ I've searched Twitter so much I can see it when I close my eyes. Can anyone point me in the right direction?

  • I'm at a stand still. I'm able to get username.zip but having issues with password.zip. I believe I have the right creds and just not putting the password correctly. Any nudges will be appreciated.


  • Im Stumped here, I've got the username and i think i have the default pwd, but i dont think i putting the right password in. Can someone give us a wee hint?

  • im stuck at the username.zip and i got a false password. is there another password other than D? i really need a hint

  • Props to azeroth for the nudge.. without giving too much away.. I had everything I needed for the final password except without looking closer at the last password. things are not always as literal as they are when you find them.. think past, present and future

  • Am I The Only One Stuck On The Corrupt Flag.txt File?

  • Stuck on password.zip, have tried a bunch of different pw's and can't seem to get any further. Can anyone give me a nudge in the right direction? TIA!

  • This is crazy, I've got the username password for the zip file, the logic on that was rather simple but cool, now the zip password pass I dont have a clue on that one, I found something but not sure if I have the correct frame for this one...

  • I got stuck for a long time because my KDE Ark decrypted username.zip incorrectly and I got corrupted password.zip, then I used console unzip and finally got solved this challenge. Never trust GUI, guys! All archives are normal, maybe it will help someone to save hours.


  • edited December 2019

    I got the password.zip file and found a key + partial flag but it isn't working here. What am I missing?

    EDIT: Got it! Just need to actually analyze the data and not just take it as is.

  • Anyone able to DM a tip for ZIP pass? Not sure I can go much further on twitter without making an account...?

  • Need that nudge for the crc error password part.
    Just beating my head lol :) thanks much!

  • need a nudge, only managed to find default ssh password and have no idea how else to proceed D:

  • edited December 2019

    Stuck on the last password, can anyone drop a tip?

    EDIT: Got it, thanks for the hint!

  • thanks @Dethread for the nudge.

  • Hello All, i got stuck at unzip username.zip i searched in twitter and nothing usefull found , any hint to unzip it ?

Sign In to comment.